[Jason_Protell]

What are the most serious secure messengers?

[snoutie]

I personally like the approach Threema has. They provide their own push serice called Threema Push[1] which is opt-in for google play store version. The push notifications for Threema do not contain any sensitve information either way.[2] They also have a libre version on F-Droid.

[1]https://threema.ch/en/faq/threema_push

[2]https://threema.ch/en/faq/privacy_push

[martinsnow]

Their web client is based on angular.js - i wouldn't dare trust it with private information.

[snoutie]

I'm not a huge expert on web frameworks. Can you clarify your concerns?

[orangepurple]

Threema may very well be the Crypto AG of our times

[keep_reading]

Why would you say that? It's open source and has reproducible builds

[orangepurple]

Play Store version could be anything

[snoutie]

i fail to see how the play store version could be "anything" considering you can reproduce the builds. can you enlighten me how something like this would be possible?

[orangepurple]

You can reproduce the builds yourself but you have no control over what happens to the app APK once it is uploaded to Google then distributed via the Play Store. I suppose you could checksum the APK before and after and make sure your app is exactly the same before and after sending it to Google to distribute via the Play Store. Google doesn't have much motivation TODAY to mess with APKs directly since they have Google Play Services which is essentially a rootkit running on your phone all the time and it is easily accessible by the NSA through Google's infrastructure, probably by a secret FISA warrant with a gag order. Maybe they don't need a warrant. Think we would ever find out?

[contact9879]

Signal